As I understand it, a DA client will first look for a Certificate Revocation List before looking for the Network Location Server - if it doesn't find the CRL it doesn't attempt to connect to the NLS and the client therefore thinks it is external to the corporate network - so obviously I want that CRL to be as highly available as possible. I am using an AD integrated Enterprise PKI which publishes the CRL into AD via an LDAP URL (see below). Is this enough to make the CRL for the NLS highly available?